Yesterday we reported that a provision in the revamped French “3 strikes” bill will allow for the punishment of ISP account holders for the copyright infringing actions of others. Now a group of hackers has set out to compromise WiFi routers en masse, in order to create an environment of plausible deniability.
It seems that one way or another President Sarkozy is determined to bring a “3 strikes” regime to France. After underlining his determination during an historic speech to parliament in June, yesterday saw a revised bill accepted by the Senate.
Aside from punishing actual file-sharers, the bill allows the courts to take measures against people who have done no sharing, but are accused simply because they are the one paying the ISP bill. If the court decides that an account holder is guilty of “negligence” – by somehow allowing others to file-share on their connection – it is within a judge’s power to issue a fine up to 1,500 euros along with a 4 week disconnection.
Now, according to Le Monde, some French hackers have come together to throw confusion into the mix, so that punishing these individuals is not a straightforward or guaranteed accurate procedure.
A hacker known only as ‘N’ says he has developed some software known as ‘Hadopi Router’, a term first penned by bloggers who devised the concept. ‘N’, who is said to have previously worked manufacturing routers, says he and a few friends wrote ‘Hadopi Router’ in order to prove that the evidence gathered by the Hadopi agency is unreliable.
“It locates Wi-Fi networks in the neighborhood, then begins to crack all their passwords,” says ‘N’. “Once we have the keys, we can create a virtual access point,” which in basic terms means using the Internet connection without the account holder’s knowledge.
‘N’ says that if an ‘owned’ router has its password changed, the system automatically switches to another Wi-Fi signal in the neighborhood and starts to attack the new password.
Additionally, ‘N’ claims that with Hadopi Router it is possible to monitor activity on the cracked networks but one of his accomplices called ‘V’ says they have no bad intentions.
“We just want to release our software and allow everyone to understand that the technical data used by the Hadopi agency to accuse people will not be reliable. Because of us, the judges will not be able to say that they weren’t aware of that.”
‘N’ says he is already imagining a more ambitious strategy to distribute many dozens of modified routers to a community in order to create a “mini-network”, superimposed over existing ones.
Of course, many wireless routers already have either a complete lack of security or weak WEP encryption enabled, making them sitting ducks for drive-by infringements or less casual ones conducted by neighbors within range.
An IP address does not necessarily identify an individual, in fact one could argue that in many instances these days it doesn’t even identify a computer but merely a gateway to a sub network, behind which could be any number of individuals not linked in any way to a bill payer.
Time will tell how French judges will rule in these “negligence” cases, especially when they have just 5 minutes to do so.